I'm not sure how this applies to what you are suggesting, but we should avoid passwords being in clear text in the configuration. I would suggest using a standard plugin interface similar to what I did with the secret key provider in the Flume Appender.
Ralph On Aug 19, 2013, at 7:29 AM, Gary Gregory <[email protected]> wrote: > On Mon, Aug 19, 2013 at 10:25 AM, Paul Benedict <[email protected]> wrote: >> Do you need the password ever after authentication? > > I guess it depends on whether the code handles re-auth in case of a > disconnect. > > Gary > >> >> >> On Mon, Aug 19, 2013 at 8:55 AM, Gary Gregory <[email protected]> wrote: >>> On Mon, Aug 19, 2013 at 7:27 AM, Ralph Goers <[email protected]> wrote: >>>> What passwords? >>> >>> For example: >>> >>> - org.apache.logging.log4j.core.net.SMTPManager.FactoryData.password >>> - org.apache.logging.log4j.core.net.JMSTopicManager.password >>> - org.apache.logging.log4j.core.net.JMSQueueManager.FactoryData.password >>> >>> Gary >>>> >>>> Ralph >>>> >>>> On Aug 19, 2013, at 4:22 AM, Gary Gregory <[email protected]> wrote: >>>> >>>>> I've seen it done many places: Should we track passwords internally as >>>>> char[] instead of String for ivars. >>>>> >>>>> This prevents Log4j spilling your secrets by accident in a toString to >>>>> internal log call. >>>>> >>>>> Gary >>>>> >>>>> -- >>>>> E-Mail: [email protected] | [email protected] >>>>> Java Persistence with Hibernate, Second Edition >>>>> JUnit in Action, Second Edition >>>>> Spring Batch in Action >>>>> Blog: http://garygregory.wordpress.com >>>>> Home: http://garygregory.com/ >>>>> Tweet! http://twitter.com/GaryGregory >>> >>> >>> >>> >>> -- >>> E-Mail: [email protected] | [email protected] >>> Java Persistence with Hibernate, Second Edition >>> JUnit in Action, Second Edition >>> Spring Batch in Action >>> Blog: http://garygregory.wordpress.com >>> Home: http://garygregory.com/ >>> Tweet! http://twitter.com/GaryGregory >> >> >> >> -- >> Cheers, >> Paul > > > > -- > E-Mail: [email protected] | [email protected] > Java Persistence with Hibernate, Second Edition > JUnit in Action, Second Edition > Spring Batch in Action > Blog: http://garygregory.wordpress.com > Home: http://garygregory.com/ > Tweet! http://twitter.com/GaryGregory
